It would be great if you could allow your sites user base to link too their SE userId and this could then be verified.

Not sure if there are privacy issues here, but one way would be too include the openid url of SE users in the user api call. This way if your site uses openid you could verify and link users that supply their SE userId to you.

Eg:

Bob logs into superfasterfood.com with his open id url bob.myopenid.com

Bob updates his superfasterfood.com profile to say he is SO user id 999

Superfastfood.com makes an api call for user id 999 and verifies the open ids match

Bob profile on superfasterfood.com is now linked to his SO user id

Bob now gets a 10% discount on superfasterfood.com because he has 1000 rep on SO

Might be missing something obvious with the above. If using openid doesnt present a privacy nightmare you could allow userId look up by openid.

Another option would be some type of OAuth setup, be that seems a little over the top.

would this work? replace step 2 with: get back an email from the open id provider, hash this email and look up Bob's profile in the SO dump. (Of course a API call would be nicer...)
–
russauAug 9 '10 at 4:45

This will probably never be implemented because the OpenID URL of a users is somewhat secret, and would definitely be considered private.On dev.meta.stackoverflow, someone asked this question, and the dev team was very quick to say that the OpenID URL would never be revealed.

There might, however, be a more secure method to validate the User/OpenID connection.

Instead of returning the user's OpenID in the API, another API call would be made to verify it. You would have to send a url encoded version of the OpenID URL to StackOverflow, and they would compare it with the one they have, and if it matches they will return a success method.

This would have to be a limited call (as to prevent guessing), and it would work very similar to a Username/Password system, where that the only way you would get a success is if you gave the correct Username/OpenID combination.

My only fear is that this might anger some users because StackOverflow really isn't suppose to be telling other people what their OpenID is. While it seems like this isn't really giving out the OpenID, it is a way that would make your OpenID not completely hidden.